Real-time communications security
Welcome to our blog, where we talk about the security, vulnerabilities and attacks affecting VoIP and WebRTC applications and infrastructure.
Subscribe to get blog updates, a newsletter and news.Read our latest posts:
- One presentation at ClueCon and five security advisories for FreeSWITCH
- Why volumetric DDoS cripples VoIP providers and what we see during pentesting
- Massive DDoS attacks on VoIP Providers and simulated DDoS testing
- SIPVicious OSS v0.3.4 released with exit codes and automation features
Long reads and articles:
- Killing bugs ... one vulnerability report at a time
- Abusing SIP for Cross-Site Scripting? Most definitely!
- Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
- Details about CVE-2020-26262, bypass of Coturn's default access control protection
- Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing
- Smuggling SIP headers past Session Border Controllers FTW!
- Attacking a real VoIP System with SIPVicious OSS
- Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it
- How we abused Slack's TURN servers to gain access to internal services